Re: Configure a CAPolicy.inf file

From: Laudon Williams [MSFT] (laudonw_at_online.microsoft.com)
Date: 09/26/03


Date: Fri, 26 Sep 2003 10:23:40 -0700


2.5.29.15 is the Object Identifier (OID) for keyUsage
(check out RFC3280 for details). AwIBBg== is a
representation of the keyUsage bits you want set.

There is a lot of info on the capolicy.inf in the online
help docs.

--
This posting is provided "AS IS" with no warranties, and 
confers no rights. 
>-----Original Message-----
>Thanks! That did it :)
>
>But I wonder what exactly the 2.5.29.15 stands for, and what AwIBBg== means?
>Do you have some more in-depth information around what more I can configure
>in a CAPolicy.inf file and how that is done?
>
>Anette
>
>"Laudon Williams [MSFT]" <laudonw@online.microsoft.com> wrote in message
>news:OgeOeu6gDHA.884@TK2MSFTNGP12.phx.gbl...
>> [basicconstraintsextension]
>> pathlength = 13
>> criticaL=True
>>
>> [Extensions]
>> 2.5.29.15 = AwIBBg==
>> Critical = 2.5.29.15
>>
>> This should do it.
>>
>> "Anette Andresen" <anette_andresen@hotmail.com> wrote in message
>> news:u2nOEBegDHA.2576@TK2MSFTNGP11.phx.gbl...
>> > I'm trying to install and configure a Windows Server 2003 Stand alone root
>> > CA.
>> > I have configured most of the CAPolicy.inf file the way I want it using
>> > examples from
>> >
>> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/standard/sag_CS_Setup.asp
>> >
>> > But there are two things I would like to configure:
>> >
>> > 1. The path length constraint, and
>> >
>> > 2. The key usage field
>> >
>> > According to
>> >
>> > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/windowsserver2003/proddocs/deployguide/dssch_pki_mglu.asp
>> > it is possible to configure the path length constraint using a
>> > CAPolicy.inf file, but how is this exactly done? What should I write in my
>> > CAPolicy.inf file?
>> >
>> > And according to an earlier posting (from Michael Branco dated 2003-08-20)
>> > concerning "Customizing the Root Certificate" the answer there was that
>> > changing the key usage was possible with the use of a CAPolicy.inf file and
>> > a link to a best practice document was given
>> > (http://www.microsoft.com/technet/prodtechnol/windowsserver2003/maintain/operate/ws3pkibp.asp)
>> > But I can't find out how this is done, and again what should I write in my
>> > CAPolicy.inf file if I, for example, just want the key usage to be
>> > certificate signing and CRL signing?
>> >
>> > Regards,
>> > Anette Andresen
>> >
>> >
>
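
The reply at the top of this thread says AwIBBg== represents the keyUsage bits. As an added example (not part of the original thread or of Microsoft's documentation), the Python below decodes such a value as the base64 of a DER BIT STRING and builds one from usage names; the function names are hypothetical, and the bit names and positions are those of the KeyUsage definition in RFC 3280.

```python
import base64

# Named bits of the KeyUsage BIT STRING (RFC 3280, section 4.2.1.3).
# Bit 0 is the most significant bit of the first content octet.
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment",
    "dataEncipherment", "keyAgreement", "keyCertSign",
    "cRLSign", "encipherOnly", "decipherOnly",
]

def decode_key_usage(b64_value):
    """Return the key usage names set in a base64-encoded DER BIT STRING."""
    der = base64.b64decode(b64_value, validate=True)
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING (expected tag 0x03)")
    length = der[1]
    if length >= 0x80 or length != len(der) - 2:
        raise ValueError("unexpected length octet")
    unused, payload = der[2], der[3:]
    if unused > 7 or (not payload and unused):
        raise ValueError("invalid unused-bit count")
    total_bits = len(payload) * 8 - unused
    names = []
    for i in range(total_bits):
        if payload[i // 8] & (0x80 >> (i % 8)):
            if i >= len(KEY_USAGE_BITS):
                raise ValueError("bit %d is not defined for keyUsage" % i)
            names.append(KEY_USAGE_BITS[i])
    return names

def encode_key_usage(names):
    """Build the base64 value for a set of key usage names."""
    bits = sorted(KEY_USAGE_BITS.index(n) for n in set(names))
    if not bits:
        raise ValueError("at least one usage is required")
    nbytes = bits[-1] // 8 + 1
    payload = bytearray(nbytes)
    for i in bits:
        payload[i // 8] |= 0x80 >> (i % 8)
    unused = nbytes * 8 - (bits[-1] + 1)  # DER drops trailing zero bits
    der = bytes([0x03, nbytes + 1, unused]) + bytes(payload)
    return base64.b64encode(der).decode("ascii")

if __name__ == "__main__":
    # Value from the thread: bytes 03 02 01 06
    print(decode_key_usage("AwIBBg=="))
    print(encode_key_usage(["keyCertSign", "cRLSign"]))
```

Decoding a value this way before putting it in the [Extensions] section confirms that a root CA certificate asserts only the usages intended, here certificate signing and CRL signing.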